In wireless communication systems users are offered multiple types of services into which users may access with their mobile terminals. The access to a specific service may be limited with some authentication method, such as requesting user name and/or password. Mobile communication network also provide some means for authentication. Namely, mobile subscriber's public identity is typically so called MSISDN (Mobile Subscriber ISDN Number), which is a number uniquely identifying the subscription in the mobile network, such as a GSM or a UMTS. If one wants to establish a communication channel with a mobile terminal residing in a telecommunication network, the MSISDN of the recipient is used as a destination address, i.e. a telephone number, in order to achieve the network to perform predetermined procedures in establishing the communication channel between the parties of the communication.
Another important identifier as regards to a subscription is so called IMSI (International Mobile Subscriber Identity). IMSI, in turn, is a unique identifier associated to a SIM (Subscriber Identity Module) card. SIM card stores the IMSI information and the related key for identifying and authenticating subscribers in the network. The IMSI information is sent in some contexts by the mobile terminal to the network and it is used for acquiring other details, such as a location, relating to the subscriber from some network elements, such as HLR (Home Location Register) or VLR (Visitor Location Register). An IMSI is usually presented as a 15 digit long number, but it can also be shorter.
Both the MSISDN and IMSI can also be used either alone or in combination with some other credentials for authentication in different services offered by mobile operators. An example of such a service is a Wi-Fi access in a certain location. The authentication for the Wi-Fi network can be performed by utilizing mobile telecommunication network authentication, such as MSISDN or IMSI.
The management of services relating to mobile subscriptions is traditionally performed by telecom operators. In other words, a user or the owner of the subscription, such as an enterprise, has informed the operator on the services to be available for the subscription in question. On the basis of the information received from the owner of the subscription the operator has set rights in a database on services into which the subscriber is entitled to. However, the trend has lately been that the telecom operators have enabled the management of mobile subscriptions to the enterprise customers in order to provide flexible control of services directly by the enterprise representatives, such as IT personnel. This is achieved by providing a specific tool for the enterprise customers by means of which the mobile subscriptions can be managed. In practice the tool is a software application accessible by the enterprise customer so that they are capable of managing the subscriptions of their own users. For security reasons the enterprise customers can manage the subscriptions on a basis of MSISDN, but not with IMSI, since IMSI is not commonly available in the network. On the other hand, the management of the mobile subscriptions is much clearer with MSISDN than with IMSI, since IMSI as such is not anyhow linked into the real world as the MSISDN is as a phone number. Information on the modifications made in the subscriptions is conveyed to operator's database with MSISDN information.
The arrangement as described above brings some challenges as regards to the identity of a subscriber in the network. Namely, with respect to some services the identity of a subscriber used in the network is IMSI. Now, if the modifications made into a subscription and transferred to the operator database only contain the MSISDN information it may happen that the user i.e. the subscription, cannot utilize some services, which need IMSI instead of or in addition to MSISDN information as the IMSI information is not available in the operator's database dedicated to maintain and manage enterprise subscriptions. The situation as described may happen in the context of authentication services provided by the operator as the authentication is, at least with respect to some services, requiring the IMSI.
An example of such a situation is an access to a Wi-Fi network which uses EAP-SIM/AKA (Extensible Authentication Protocol—Subscriber Identity Module/Authentication and Key Agreement) method for access rights management. The EAP-SIM/AKA uses IMSI for authentication of the subscriber, which is transferred from the user terminal to the network. At one point of the authentication procedure the IMSI is compared to IMSI information stored in the operator's database dedicated to maintain and manage enterprise subscriptions receiving the maintenance information from an enterprise database. As a result, if the IMSI information does not exist in the operator database dedicated to maintain and manage enterprise subscriptions, the comparison produces mismatch of the compared information and service denial of the subscriber.
Thus, in order to provide all allowed services for a subscriber belonging to some enterprise subscriber space it needs to be confirmed that all necessary information is available in the operator database, which may be used in an authentication of a service.